zoukankan      html  css  js  c++  java
  • K8S二进制安装方式(calico)模式添加node

    1. 签发证书

      # ca.pem, ca-key.pem ca-config.json 是原始签发的ca根证书,和json根
      # kubelet-csr.json 现在是统一做一个统一证书,以后可不用重复签发
      # cat kubelet-csr.json
      {
        "CN": "system:node",
        "hosts": [
          "127.0.0.1",
          "192.168.2.3",
          "192.168.2.4",
          "192.168.2.5",
          .....# 中间是遍历了所有网段的ip地址,这里不可以写网段
          .....
          "192.168.3.249",
          "192.168.3.250",
          "192.168.3.251",
          "192.168.3.252",
          "192.168.3.253"
        ],
        "key": {
          "algo": "rsa",
          "size": 2048
        },
        "names": [
          {
            "C": "CN",
            "ST": "HangZhou",
            "L": "XS",
            "O": "system:nodes",
            "OU": "System"
          }
        ]
      }
      
      cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kubelet-csr.json |cfssljson -bare kubelet
      
    2. 生成kubelet.kubeconfig 凭证

      1)set-cluster
      kubectl config set-cluster myk8s 
        --certificate-authority=/etc/kubernetes/ssl/ca.pem 
        --embed-certs=true 
        --server=https://127.0.0.1:6443 
        --kubeconfig=kubelet.kubeconfig
        
      #连接apiserver的
      2) set-credentials
      kubectl config set-credentials k8s-node 
       --client-certificate=/application/kubernetes/ssl/kubernetes.pem 
       --client-key=/application/kubernetes/ssl/kubernetes-key.pem 
       --embed-certs=true 
       --kubeconfig=kubelet.kubeconfig 
       
       
      3) set-context 
       
      kubectl config set-context myk8s-context 
        --cluster=myk8s 
        --user=k8s-node 
        --kubeconfig=kubelet.kubeconfig
        
        
      4) use-context
      kubectl config use-context myk8s-context --kubeconfig=kubelet.kubeconfig
      
    3. 配置kubelet的rbac权限

      # 下面2个都要运行,以前的一套为kubernetes,现在新创建的为k8s-node,以后统一使用K8S-node
      
      # cat kubernetes.yaml 
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: k8s-node
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: system:node
      subjects:
      - apiGroup: rbac.authorization.k8s.io
        kind: User
        name: kubernetes
      
      # cat k8s-node.yaml 
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: k8s-node
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: system:node
      subjects:
      - apiGroup: rbac.authorization.k8s.io
        kind: User
        name: k8s-node
      
    4. kube-proxy.kubeconfig不需要每个node都配置,使用原先的

    5. 配置nginx 代理api-serser

      cat /etc/nginx/nginx.conf  #1.20需要另外安装stream模块
      ...
      stream {
             upstream apiserver_6443 {
              server 192.168.2.91:6443;
              server 192.168.2.92:6443;
              server 192.168.2.93:6443;
          }
      
              server {
              listen 6443;
              proxy_pass apiserver_6443;
          }
      }
      nginx -t 
      systemctl reload nginx 
      
    6. 配置ssh信任

      ssh-copy-id -i ~/.ssh/id_rsa.pub xxxx   #node8
      
    7. 将一系列文件拷贝至新node

      cd /etc/
      scp -r kubernetes/ node8:/etc/
      scp kubelet.kubeconfig node8:/etc/kubernetes/
      scp -r /etc/systemd/system/kubelet.service node8:/etc/systemd/system
      scp -r /etc/systemd/system/kube-proxy.service node8:/etc/systemd/system
      scp -r /var/lib/kubelet node8:/var/lib/
      scp -r /var/lib/kube-proxy/ node8:/var/lib/
      scp -r /etc/calico/ node8:/etc/
      scp -r /etc/cni/ node8:/etc/
      scp -r /etc/calico/ node8:/etc/
      
      
    8. 登录node8中,修改kubelet和kube-proxy的配置文件

      #修改成对应的ip地址
      略
      #hostname 不带特殊字符和_
      
    9. 安装docker

    10. 启动kubelet和kube-proxy

  • 相关阅读:
    map的初级应用
    RB-Tree删除详解
    RB-Tree插入过程详解
    红黑树操作详解——很形象的过程
    一个数据结构可视化的神奇网址——形象理解
    关于B树B+树的详细解释——绝对精彩
    c++入门之函数指针和函数对象
    树的平衡之AVL树——错过文末你会后悔,信我
    二叉查找树的删除
    1 vmware 如何联网,以及行命令令初步
  • 原文地址:https://www.cnblogs.com/dinghc/p/15241310.html
Copyright © 2011-2022 走看看